New Bluekit Phishing-as-a-Service Platform Offers AI Assistant and 40+ Templates
A new phishing-as-a-service platform called Bluekit provides over 40 realistic templates and an integrated AI assistant to help cybercriminals draft phishing emails, marking another step in the commoditization of AI-enhanced cybercrime tooling.
A new phishing kit named Bluekit is offering cybercriminals an all-in-one platform that bundles more than 40 realistic templates with an integrated AI assistant, according to an analysis by cybersecurity firm Varonis. The platform, described as a phishing-as-a-service (PhaaS) operation, provides templates targeting a wide range of popular services, including Outlook, Hotmail, Gmail, Yahoo, ProtonMail, iCloud, GitHub, Twitter, Zoho, Zara, and the cryptocurrency wallet service Ledger.
What sets Bluekit apart from other phishing kits is its AI Assistant panel, which supports multiple large language models including Llama, GPT-4.1, Claude, Gemini, and DeepSeek. The AI tool is designed to help attackers draft phishing emails, though Varonis noted that the generated outputs currently contain placeholder content, suggesting the feature is still in an early, experimental stage. "The generated draft included a useful structure, but it still depended on generic link fields, placeholder QR blocks, and copy that would need cleanup before use," Varonis reported.
Beyond the AI component, Bluekit integrates domain purchase and registration, phishing page setup, and campaign management into a single, unified dashboard. Operators can select domains, templates, and attack modes from a centralized interface, configure phishing page behavior such as redirects and login process handling, and monitor victim sessions in real-time. The platform also includes anti-analysis mechanisms, allowing users to block VPN or proxy traffic, headless user agents, or automated user agents, and set fingerprint-based filters to evade security tools.
Stolen credentials and session data are exfiltrated via Telegram, using private channels accessible only by the operators. The post-capture monitoring capabilities include access to cookies, local storage, and live session state, showing operators exactly what the victim was served after logging in. This feedback loop allows attackers to refine their phishing pages for maximum effectiveness.
Varonis commented that Bluekit is yet another example of an "all-in-one" phishing platform that gives lower-tier cybercriminals fully fledged tools to manage the entire phishing attack lifecycle. The kit currently appears to be under active development, receiving frequent updates and evolving quickly, which the researchers say makes it a strong candidate for growing adoption among cybercriminals.
The emergence of Bluekit reinforces a broader trend of cybercrime platforms integrating AI to streamline and scale their operations. This follows recent reports of other AI-enhanced tools, such as the ATHR voice phishing platform that leverages AI agents for social engineering attacks. As these platforms become more accessible and sophisticated, they lower the barrier to entry for less technically skilled attackers, potentially increasing the volume and sophistication of phishing campaigns targeting both consumers and enterprises.